Bloomberg’s alleged China spy chip story is a big wake-up call for the Department of Defense and others to buy only U.S.-designed and U.S.-made servers from ITAR-approved suppliers. Find out why – and what to look for instead – in this piece from GMS CEO Ben Sharfi.
The October 4 Bloomberg article “The Big Hack” alleges that China added tiny spy chips to servers made by Supermicro that reached almost 30 U.S. companies, including Amazon and Apple. While Supermicro, Amazon and Apple refute the allegations addressed in the Bloomberg article, we see the report as a wake-up call for the DoD to buy only U.S.-designed and U.S.-made servers from ITAR-approved suppliers. Why?
- China has repeatedly shown a pattern of coordinated and well-funded attempts to infiltrate, hack, and disrupt U.S. security, secrets, and infrastructure. China has even declared its intention to defeat the U.S. technology industry by 2040.
- U.S. DoD routinely buys Taiwanese-made servers and deploys them in mission-, safety-, and security-critical areas.
- More attempts will be made—we can be sure of that.
If this alleged Supermicro backdoor hardware hack is true, then all of the DoD is compromised. Not only is Supermicro a popular choice for government contracts, it’s also the choice of many so-called rugged server suppliers who embed Supermicro boards into their systems. Their products are just as vulnerable, and China will definitely take advantage of every exploit possible.
This is what happens when short-term price dictates DoD buying decisions: pay a little now but surrender America’s security and our future. It simply doesn’t make sense to buy servers from Supermicro or from China or Chinese-controlled geographies.
The tiny spy chip outlined in the Bloomberg article allegedly either allows the server to pass data elsewhere or grants control of the server to an unknown entity—effectively allowing all of the server’s data to be seen and used by Chinese spies. In that case, DoD servers—and those installed into the DoD and the U.S. military by contractors using Chinese servers or servers from U.S. companies that contain Chinese servers—are suspect.
We believe the DoD should only buy American-designed, -manufactured and -owned servers from ITAR-approved American suppliers such as General Micro Systems. GMS designs its 1U and 2U rackmount servers using American industry standards, GMS-designed schematics, and GMS-developed and -owned BIOS software. GMS servers contain SecureDNA™, which includes sanitize/zeroize features, NSA-certified FIPS-140-2 solid state drives, SourceSafe™ BIOS, audited supply chain control, and numerous other security features that assure U.S. control with no Chinese or foreign intervention.
The COTS movement has made leading-edge technology such as servers appear inexpensive, but America’s security should not be sold out for a low-cost server.
Don’t buy Chinese or Taiwanese servers. Buy ITAR-approved and buy American.